> +1. In that case, can you explain this expectation in the JIRA, because the JIRA just includes the error and does not mention how the flow should be.

Updated the JIRA with the relevant information.

>> That's the reason for raising this JIRA.
>>
>>> 3. For the case I tried, where in the first step the user authenticates with Google and in the second step TOTP comes, the user didn't get associated with the local user even though I have configured so. Still TOTP worked, but the problem was there was no way to enforce re-scanning of the QR code. Given the fact, I too think the user should always be associated with a local user, or if such a user is not found maybe JIT provision the federated user (maybe by honouring the JIT provisioning config). Else the end-to-end authentication flow should fail with appropriate error messages.
>>>
>>>>> [1] https://docs.wso2.com/display/ISCONNECTORS/Configuring+TOTP+Authenticator
>>>>>
>>>>> Thanks
>>>>>
>>>>> Kanapriya Kuleswararajan
>>>>> Software Engineer | WSO2
>>>>> Mobile : - 0774894438
>>>>> Mail : - [email protected]
>>>>> LinkedIn : - https://www.linkedin.com/in/kanapriya-kules-94712685/
>>>>>
>>>>> On Mon, Oct 23, 2017 at 11:51 PM, Malithi Edirisinghe <[email protected]> wrote:
>>>>>
>>>>>> Hi Team,
>>>>>>
>>>>>> I configured two-step authentication with Google federated authentication and TOTP for a service provider; i.e., the first step is configured to use Google as the federated IdP, and the second step is TOTP. Both 'authenticationMandatory' and 'enrolUserInAuthenticationFlow' are set to true in the TOTP authenticator configuration in the application-authentication.xml file, such that TOTP is enforced and can enrol the user while logging in.
>>>>>>
>>>>>> Now, when trying to access the SP, the Google login page popped up, for which user credentials were provided and authenticated. Then, in the next step, TOTP proposed to enrol the user by scanning the QR code, which was done. The federated user logged in successfully.
>>>>>>
>>>>>> Now, suppose I want to refresh the secret key of this account or clear it, such that the user needs to scan the QR code again. This could be done for a local user as the secret key was stored under the 'http://wso2.org/claims/identity/secretkey' claim. But for the user federated over Google this could not be done, and I'm not sure where we store the secret key for this account.
>>>>>>
>>>>>> Appreciate your input.
>>>>>>
>>>>>> Thanks,
>>>>>> Malithi.
>>>>>>
>>>>>> --
>>>>>>
>>>>>> *Malithi Edirisinghe*
>>>>>> Associate Technical Lead
>>>>>> WSO2 Inc.
>>>>>>
>>>>>> Mobile : +94 (0) 718176807
>>>>>> [email protected]
_______________________________________________
Dev mailing list
[email protected]
http://wso2.org/cgi-bin/mailman/listinfo/dev
